[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2215: mitigate heartbleed vulnerability

Tahoe-LAFS trac at tahoe-lafs.org
Fri May 6 16:16:53 UTC 2016


#2215: mitigate heartbleed vulnerability
-------------------------------------+-------------------------------------
     Reporter:  daira                |      Owner:  daira
         Type:  defect               |     Status:  closed
     Priority:  major                |  Milestone:  1.12.0
    Component:  code                 |    Version:  1.10.0
   Resolution:  somebody else's      |   Keywords:  security integrity
  problem                            |  confidentiality capleak pyopenssl
Launchpad Bug:                       |  cffi packaging manual-test-needed
-------------------------------------+-------------------------------------
Changes (by warner):

 * status:  assigned => closed
 * resolution:   => somebody else's problem


Comment:

 Talking with marlowe today, we decided to WONTFIX this. If somebody has a
 clever talk-to-myself-and-discover-if-I'm-vulnerable tool, we can include
 it, but absent that, I think our best option is to mention heartbleed in
 the docs and tell folks that they need to upgrade their platform to have
 it fixed. Most linux distributions have fixed it by now, so it should
 really only be an issue for very old distributions, on which Tahoe is
 unlikely to run anyways.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2215#comment:27>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage


More information about the tahoe-lafs-trac-stream mailing list